1558 matches found
USN-8192-2 ntfs-3g vulnerabilities
USN-8192-1 fixed vulnerabilities in NTFS-3G. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: Jeffrey Bencteux discovered that NTFS-3G incorrectly handled certain UTF-8 sequences. An attacker could use this issue to cause NTFS-3G to crash, resulting in...
EUVD-2026-24980
The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces UTF-8 encoding and utilizes expect, causing an immediate crash when encountering valid but non-UTF-8 paths. This diverg...
CVE-2026-35375
CVE-2026-35375 concerns the uutils coreutils split utility, where a logic error causes output filenames to be corrupted when given non-UTF-8 prefixes/suffixes. The code uses to_string_lossy() to build chunk filenames, which rewrites invalid bytes as the UTF-8 replacement character (U+FFFD). Unlik...
CVE-2026-35346 uutils coreutils comm Silent Data Corruption via Lossy UTF-8 Normalization
The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::fromutf8lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...
CVE-2026-35346
The CVE-2026-35346 entry concerns the uutils coreutils comm implementation; it is affected by a flaw where the program uses String::from_utf8_lossy() and, as a result, applies lossy UTF-8 conversion to all output lines. This causes data corruption when comparing binary files or files with non-UTF...
uutils coreutils 安全漏洞
uutils coreutils is a cross-platform core command-line tool set developed by Uutils Open Source. uutils coreutils has a security vulnerability, which stems from a logical error in the ln function. This error may cause failures when processing filenames that are not in UTF-8 encoding, resulting in...
CLSA-2026-1776438719 Fix CVE(s): CVE-2026-32636
SECURITY UPDATE: heap buffer overflow in UTF-16 to UTF-8 conversion - debian/patches/CVE-2026-32636.patch: allocate length+1 instead of length in ConvertUTF16ToUTF8 in magick/xml-tree.c to make room for the null terminator. - CVE-2026-32636...
bson_validate may skip validation when processing certain inputs
The bsonvalidate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. The issue may affect applications that re...
CVE-2026-6231 bson_validate may skip validation when processing certain inputs
The bsonvalidate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. The issue may affect applications that re...
CVE-2026-6231
The bsonvalidate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. The issue may affect applications that re...
Security Bulletin: Integer Overflow Leading to Packet Corruption in Eclipse Paho Go MQTT, affects watsonx.data
Summary Eclipse Paho Go MQTT version 1.5.0 contains an integer overflow issue when handling UTF-8 strings longer than 65535 bytes. Improper length conversion can cause malformed MQTT packets, potentially leading to data leakage between fields e.g., topic data leaking into message body. This can...
SUSE CVE-2026-34831
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Filesfail sets the Content-Length response header using Stringsize instead of Stringbytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the...
CVE-2026-34831
Rack: The vulnerability CVE-2026-34831 affects Rack::Files#fail, which uses String#size to set Content-Length instead of String#bytesize. When responses include multibyte UTF-8, Content-Length may be too small, causing HTTP framing issues and potential response desynchronization. The issue can be...
SUSE SLES12 Security Update : perl-XML-Parser (SUSE-SU-2026:1152-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1152-1 advisory. - CVE-2006-10002: heap buffer overflow in parsestream when processing UTF-8 input streams bsc1259901. - CVE-2006-10003: off-by-one heap buffer...
OpenCC has an Out-of-bounds read when processing truncated UTF-8 input
Summary OpenCC versions before 1.2.0 contain two CWE-125: Out-of-bounds Read issues caused by length validation failures in UTF-8 processing. When handling malformed or truncated UTF-8 input, OpenCC trusted derived length values without enforcing the invariant that processed length must not excee...
EulerOS 2.0 SP13 : libpcap (EulerOS-SA-2026-1246)
According to the versions of the libpcap package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4...
ClamAV Cascading Style Sheets Image Parsing Error Handling Denial of Service Vulnerability
A vulnerability in the HTML Cascading Style Sheets CSS module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit th...
CLSA-2026-1772102739 openssl: Fix of CVE-2025-69419
CVE-2025-69419: fix one-byte write-before-buffer triggered by malicious PKCS12 BMPString containing non-ASCII BMP code point; validate UTF8putc return and use correct destination capacity during conversion from UTF-16BE into UTF-8...
CVE-2025-59464
A memory leak in Node.js’s OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications call socket.getPeerCertificatetrue, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through...
CVE-2025-59464
A memory leak in Node.js’s OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications call socket.getPeerCertificatetrue, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through...